This Privacy Policy describes how Synemos GmbH ("Synemos", "we", "us", or "our") collects, uses, stores, and transfers personal data when you visit our website, use our services, or interact with us in any other way. We are committed to protecting your privacy and handling your data in a transparent, lawful, and responsible manner.
Synemos operates as a Swiss-Vietnamese nearshoring and IT consulting venture with operations in Switzerland and Vietnam, serving clients across the EMEA region and Asia. This policy is designed to comply with the Swiss Federal Act on Data Protection (nFADP / revDSG), the EU General Data Protection Regulation (GDPR), and Vietnam's Personal Data Protection Decree (Decree No. 13/2023/ND-CP, "PDPD").
Data Controller and Contact
The controller responsible for personal data processing under this Privacy Policy is:
| Company | Synemos GmbH |
| Address | Junkerngasse 39, 3011 Bern, Switzerland |
| Contact Person | Raymond Stebler |
| raymond.stebler@synemos.com | |
| Website | www.synemos.com |
For all data protection enquiries, please contact us at the email address above. We aim to respond to all data protection requests within 30 days.
Scope of This Policy
This Privacy Policy applies to:
- Visitors to the Synemos website and any subdomains
- Prospective clients, business partners, and procurement contacts who interact with us
- Job applicants who submit applications through our website or by email
- Subscribers to our newsletter or status notifications
- Any individual whose personal data we process in the course of providing our services
This policy does not apply to data processed by third-party websites or services that may be linked from our website. We encourage you to review the privacy policies of any third parties you interact with.
Applicable Legal Frameworks
Synemos is headquartered in Switzerland and is subject to the Swiss Federal Act on Data Protection (nFADP, in force since 1 September 2023). Where we process personal data of individuals in the EU/EEA, the GDPR applies in parallel. Where we process data of individuals in Vietnam, Vietnam's PDPD applies. We apply the principle of the highest applicable standard where frameworks overlap.
| Jurisdiction | Legal Basis / Framework |
|---|---|
| Switzerland | Federal Act on Data Protection (nFADP / revDSG), in force since 1 September 2023; Ordinance on Data Protection (ODP) |
| EU / EEA | General Data Protection Regulation (GDPR, Regulation (EU) 2016/679); applicable to data subjects residing in the EU/EEA |
| Vietnam | Decree No. 13/2023/ND-CP on Personal Data Protection (PDPD), in force since 1 July 2023 |
| Global (general) | We apply the principle of the highest applicable standard where multiple frameworks overlap |
Personal Data We Collect
Data Collected Automatically (Website Visit)
When you access our website, your browser automatically transmits technical information to our web server, including:
- IP address of the requesting device (stored temporarily in server log files; deleted after 14 days)
- Date and time of access
- Browser type, version, and operating system
- Referrer URL (the page from which you navigated to our site)
- Files and pages requested
We use this data exclusively for the technical operation, security, and integrity of the website. The legal basis is our legitimate interest in operating a secure and functional website (nFADP Art. 31; GDPR Art. 6(1)(f)).
Contact Enquiries
If you contact us via email, contact form, or telephone, we collect your name, email address, phone number (if provided), company name, and the content of your message. We use this data solely to respond to your enquiry and, where relevant, to prepare an offer or proposal. The legal basis is the performance of a contract or pre-contractual measures (GDPR Art. 6(1)(b); nFADP; PDPD Art. 17). Retention: up to 10 years.
Job Applications
If you apply for a position at Synemos, we collect personal data in your application documents (name, contact details, CV, qualifications, cover letter). We process this for the purpose of evaluating your application and conducting the recruitment process. The legal basis is pre-contractual measures and statutory requirements (GDPR Art. 6(1)(b) and Art. 88; nFADP; PDPD Art. 17). Unsuccessful applications are deleted within 6 months of the final decision, unless you consent to longer retention.
Newsletter Subscription
If you subscribe to our newsletter, we collect your email address and optionally your first name. You may unsubscribe at any time via the link in any newsletter. Your data is deleted promptly upon unsubscription. The legal basis is your consent (GDPR Art. 6(1)(a); nFADP; PDPD Art. 11).
Cookies and Tracking Technologies
Our website may use cookies and similar technologies (such as pixel tags or web beacons) to enhance your browsing experience, analyse website usage, and support our marketing efforts.
- Essential cookies: Required for the basic functioning of the website (e.g. session management). These cannot be disabled without affecting functionality.
- Analytics cookies: Help us understand how visitors interact with our website (e.g. page views, traffic sources). Used in anonymised or pseudonymised form.
- Marketing cookies: Used to deliver more relevant advertising and to measure the effectiveness of campaigns. Only set with your prior consent.
You may configure your browser to refuse cookies or to alert you when cookies are being set. A cookie consent banner is displayed on your first visit to our website; you can adjust your preferences at any time.
Analytics and Third-Party Services
Website Hosting
Our website is hosted by a third-party web hosting provider. In connection with hosting, technical data (including IP addresses) may be processed on our behalf by the hosting provider under a data processing agreement.
Google Analytics
We may use Google Analytics (Google LLC, Mountain View, CA, USA) to analyse website traffic. IP addresses are anonymised before transmission (IP masking). We have concluded a data processing agreement with Google. Data may be transferred to Google servers in the USA; Google participates in the EU-US Data Privacy Framework. You may opt out via the Google Analytics Opt-out Browser Add-on.
LinkedIn Analytics
We may use the LinkedIn Insight Tag (LinkedIn Corporation, Sunnyvale, CA, USA) for conversion tracking and retargeting. You can opt out at any time via your LinkedIn account settings under "Advertising preferences".
Email Marketing
We use a third-party email service provider (e.g. SendGrid / Twilio) to send newsletters and transactional emails. This provider processes email addresses on our behalf under a data processing agreement and complies with applicable data protection standards including the EU-US Data Privacy Framework.
International Data Transfers
As a company with operations in Switzerland and Vietnam serving clients internationally, personal data may be transferred between countries. We ensure that such transfers comply with the applicable legal frameworks:
- Transfers from Switzerland to the EU/EEA are governed by Switzerland's adequacy recognition of EU member states.
- Transfers from Switzerland or the EU/EEA to third countries (e.g. Vietnam, USA) are carried out on the basis of adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules, or other appropriate safeguards as required by the nFADP and GDPR.
- Transfers involving personal data of Vietnamese data subjects are conducted in compliance with PDPD Article 25, which requires consent or other legal bases for cross-border transfers, and in some cases prior notification to or approval from the Ministry of Public Security.
Where we transfer personal data internationally, we apply appropriate technical and organisational security measures to protect your data throughout the transfer.
Purposes and Legal Bases for Processing
We process personal data only for specified, explicit, and legitimate purposes. The table below summarises our main processing activities:
| Purpose | Categories of Data | Legal Basis |
|---|---|---|
| Website operation & security | IP address, log data | Legitimate interest (nFADP Art. 31 / GDPR Art. 6(1)(f)) |
| Responding to enquiries | Name, email, message content | Pre-contractual measures (GDPR Art. 6(1)(b)) / Legitimate interest |
| Processing job applications | CV, qualifications, contact details | Pre-contractual measures; statutory requirements |
| Sending newsletters | Email address, name | Consent (GDPR Art. 6(1)(a); PDPD Art. 11) |
| Analytics & website improvement | Pseudonymised usage data | Consent / Legitimate interest |
| Legal compliance | As required by applicable law | Legal obligation (GDPR Art. 6(1)(c)) |
| Business development & sales | Contact data of business partners | Legitimate interest / Contract performance |
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods:
- Server log files (IP addresses, access data): 14 days
- Contact enquiry data: up to 10 years (statutory retention obligation)
- Rejected job applications: 6 months from final decision (or longer with your consent)
- Newsletter subscriber data: until unsubscription, after which data is promptly deleted
- Contractual data: 10 years from end of contract (statutory obligation under Swiss law)
- Analytics data (Google Analytics): as per Google's data retention settings (default 14 months)
Upon expiry of the applicable retention period, personal data is securely and irreversibly deleted or anonymised.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of data in transit using TLS (Transport Layer Security)
- Access controls and role-based permissions for systems containing personal data
- Regular review and updating of security measures in line with technological developments
- Contractual obligations with processors and subprocessors to maintain equivalent security standards
No method of transmission over the Internet or electronic storage is 100% secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority as required by applicable law.
Disclosure and Sharing of Personal Data
We do not sell, rent, or otherwise commercially exploit your personal data to third parties. We may share personal data in the following limited circumstances:
- Service providers and processors: We engage trusted third-party service providers (e.g. web hosting, email, analytics) who process data on our behalf under binding data processing agreements.
- Business partners: Where necessary for the performance of services, we may share relevant data with partner organisations (e.g. linkyard AG, Switzerland) under appropriate contractual safeguards.
- Legal requirements: We may disclose data where required to do so by law, court order, or regulatory authority, or to protect the rights, property, or safety of Synemos, our clients, or others.
- Corporate transactions: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to continued confidentiality and data protection obligations.
Your Data Subject Rights
Depending on your location and the applicable legal framework, you may have the following rights with respect to your personal data. We honour these rights in accordance with the nFADP, GDPR, and PDPD as applicable:
- Right of access: Request confirmation of whether we process personal data about you, and receive a copy of that data.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure ('right to be forgotten'): Request deletion of your personal data where it is no longer necessary for the purposes collected, or where you withdraw consent.
- Right to restriction of processing: Request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format (GDPR).
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: Lodge a complaint with the competent supervisory authority (see Section 14).
To exercise any of these rights, please contact us at raymond.stebler@synemos.com. We will respond within 30 days. In complex cases we may extend this by a further 60 days, of which we will inform you in advance.
For Vietnamese data subjects, the above rights are available in accordance with PDPD Articles 9–12 (right to be informed, to consent or withdraw consent, to access and correct data, and to request deletion or restriction of processing).
Children's Privacy
Our website and services are not directed at children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us immediately and we will take prompt steps to delete such data.
Supervisory Authorities and Right to Complain
If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:
| Switzerland | Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch |
| EU / EEA | The supervisory authority in your country of residence or place of work – edpb.europa.eu |
| Vietnam | Ministry of Public Security – Department of Cybersecurity and High-Tech Crime Prevention (A05) – www.mps.gov.vn |
We would appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us at raymond.stebler@synemos.com in the first instance.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, applicable laws, or regulatory requirements. The current version will always be published on our website with the effective date indicated at the top of this document.
Where changes are material, we will notify you by email (if we hold your contact details) or by a prominent notice on our website prior to the change becoming effective. Your continued use of our website or services after the updated policy takes effect constitutes your acceptance of the revised terms.
Governing Law and Jurisdiction
This Privacy Policy is governed by Swiss law. Any disputes arising from or in connection with this policy that cannot be resolved amicably shall be subject to the exclusive jurisdiction of the courts of Bern, Switzerland, without prejudice to your statutory rights under the law of your country of residence.